IPv6 - Kasetsart University · IPv6 header IPv6 header is simpler than IPv4 IPv4: 14 fields, variable length (20 bytes +) IPv6: 8 fields, fixed length (40 bytes) Header fields eliminated

1

IPv6

รศ.ดร. อนันต์ ผลเพิม่

Asso. Prof. Anan Phonphoem, [email protected]

http://www.cpe.ku.ac.th/~anan

Computer Engineering Department

Kasetsart University, Bangkok, Thailand

Mar 2018

2

Outline

IP Address Management

Rationale for IPv6

IPv6 Addresses

IP Address Management

3

Abbreviation

4

Full Name

ICANN Internet Corporation for Assigned Names and Numbers

IANA Internet Assigned Numbers Authority• a department of ICANN• responsible for allocation of globally unique names and no.

RIR Regional Internet Registries

APNIC Asia Pacific Network Information Center

ARIN American Registry for Internet Numbers

RIPE NCC Réseaux IP Européens Network Coordination Centre • Europe, Middle East and parts of Central Asia

RIR World Map

5

http://en.wikipedia.org/wiki/IPv4_address_exhaustion

6

The early years: 1981 – 1992

IANA: Internet Assigned Numbers Authority

7

Global Routing Table: ’88 - ’92

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

ก.ค.-

88

ม.ค.-

89

ก.ค.-

89

ม.ค.-

90

ก.ค.-

90

ม.ค.-

91

ก.ค.-

91

ม.ค.-

92

ก.ค.-

92

8

0

10000

20000

30000

40000

50000

60000

70000

80000

90000

100000

Jan-89 Jan-90 Jan-91 Jan-92 Jan-93 Jan-94 Jan-95 Jan-96

Global Routing Table: ’88 - ’92

Where do IP addresses come from?

9

10

The boom years: 1992 – 2001

“It has become clear that … these problems are likely to become critical within the next one to three years.” (RFC1366)

“…it is [now] desirable to consider delegating the registration function to an organization in each of those geographic areas.” (RFC 1338)

1992:

APNIC: Asia Pacific Network Info CenterARIN: American Registry for Internet NumbersRIPE: Europe

11

Global routing table

http://bgp.potaroo.net/as1221/bgp-active.html

CIDR

deployment

“Dot-Com”

boom

Projected

routing table growth

without CIDR

Sustainable

growth?

12

Recent years: 2002 – 2005

2004:

Establishment of the Number Resource Organization

Growth of the BGP Table 1994 to 2013

13

http://bgp.potaroo.net/

Note: Routing Information Base (RIB), also known as IP Routing TableForwarding Information Base (FIB), also known as IP forwarding table

Rationale for IPv6

14

15

Future of the Internet

16

What is wrong with IPv4 ?

Internet growth

New applications – Real time app

Network Changes

Need for corporations

IPv4 Exhaustion

“ Early this morning, the Asia Pacific Network Information Centre (APNIC) announced that it had been allocated two /8 address blocks from the Internet Assigned Numbers Authority (IANA). Those two blocks, 39/8 and 106/8, were the last unallocated blocks in the IANA free pool of IPv4 address available to Regional Internet Registries (RIR). With the allocation, the final days of IPv4 have moved closer as the number of available addresses that can be allocated will dwindle. “

17

Last of the IPv4 Addresses AllocatedBy Sean Michael Kerner | Feb 1, 2011http://www.enterprisenetworkingplanet.com/news/article.php/3923031/Last-of-the-IPv4-Addresses-Allocated.htm

IPv4 assignment

18

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

IPv4 Resource Allocations Date: 11 Dec 2013

19

AFRINIC3%

APNIC20%

ARIN40%

RIPENCC18%

LACNIC5%

IANA14%

http://bgp.potaroo.net/iso3166/v4cc.html

APNIC: Asia Pacific Network Info CenterARIN: American Registry for Internet NumbersRIPE: Europe

IPv4 Free/8

20

21

IPv6 VisionInternet for 10 Billion nodes

Always-on Identity Auto-Configure

MobileAlways-on Security

privacy

22

Rationale for IPv6

IPv4 address space consumption

Now ~10 years free space remaining

Unused addresses reclaimed

projection reality depleted!

Loss of “end to end” connectivity

Widespread use of NAT due to ISP policies and marketing

Additional complexity and performance degradation

23

The NAT

10.0.0.1 ..2 ..3 ..4

*AKA(also known as) home router, ICS, firewall

NAT*

61.100.32.128

R

61.100.32.0/25

61.100.32.1 ..2 ..3 ..4

ISP 61.100.0.0/16

The Internet

24

The NAT “Problem”

Internet

10.0.0.1

61.100.32.128

NAT

?Extn 10

PhoneNetwork

10 4567 9876

PABX

25

NAT implications

Breaks end-to-end network model Some applications cannot work through NATs

Breaks end-end security (IPsec)

Requires application-level gateway (ALG) new application is not NAT-aware, ALG device must

be upgraded

ALGs are slow and do not scale

Merging of separate private networks is difficult Due to address clashes

See RFC2993 Architectural Implications of NAT

IPv6 Deployment

26

#of IPv6 prefixes and AS

27

http://en.wikipedia.org/wiki/IPv6_deployment

Monthly IPv6 allocations per RIR

28

http://en.wikipedia.org/wiki/IPv6_deployment

IPv6 Users by CountryDate: 11 Dec 2013

29

http://bgp.potaroo.net/iso3166/v6dcc.html

IndexISO-3166

CodeInternet Users V6 Use ratio ▴ V6 Users (Est) PopulationCountry

1 CH 6,544,418 12.48% 816,867 7,681,242 Switzerland2 RO 9,710,357 11.16% 1,083,365 22,058,968 Romania3 LU 470,292 10.12% 47,607 517,430 Luxembourg4 DE 68,153,649 6.86% 4,677,521 82,112,831 Germany5 BE 8,152,741 6.30% 513,802 10,452,233 Belgium6 JP 99,409,750 5.98% 5,949,484 125,755,535 Japan7 US 249,622,663 5.89% 14,697,957 320,604,500 United States of America8 EU - 5.82% - -European Union9 PE 11,208,101 5.61% 629,291 31,133,616 Peru

10 FR 51,908,383 5.41% 2,809,229 65,227,926 France11 SG 3,436,691 3.90% 133,939 4,840,411 Singapore12 FJ 280,841 3.46% 9,726 1,003,005 Fiji

13 CZ 7,415,962 2.45% 181,599 10,163,030 Czech Republic14 NO 4,444,303 1.87% 83,211 4,729,492 Norway15 CN 518,047,719 1.50% 7,776,569 1,352,605,013 China16 HK 5,203,449 1.46% 75,778 7,206,994 Hong Kong 17 TW 16,697,956 1.33% 221,294 23,191,606 Taiwan24 MY 16,892,749 0.77% 129,788 27,693,032 Malaysia29 CA 28,793,186 0.40% 115,063 34,690,586 Canada41 TH 16,063,362 0.21% 33,615 67,777,901 Thailand

30

http://bgp.potaroo.net/iso3166/v6dcc.html

Features of IPv6

31

32

IPv6 feature summary

Increased size of address space

Header simplification

Extended Address Hierarchy

Auto-configuration / Renumbering

QoS (Integrated/Differentiated services

IPSec (As for IPv4)

33

IPv6 addressing model

Unicast

Single interface

Anycast

Any one of several

Multicast

All of a group of interfaces

Replaces IPv4 “broadcast”

See RFC 3513

34

Anycast

Assigned to more than one interface

Nodes must know that the add. is anycast add.

Addresses are from the unicast address space

In a region, where anycast is used, each member must have its own entry in the routing table

Note: now used only for (identify) routers

35

IPv4 vs IPv6

IPv4: 32 bits

• 232 addresses= 4,294,967,296 addresses

= 4 billion addresses

IPv6: 128 bits

• 2128 addresses?= 340,282,366,920,938,463,463,374,607,431,770,000,000

= 340 billion billion billion billion addresses?

• No, due to IPv6 address structure…

36

IPv6 header

IPv6 header is simpler than IPv4 IPv4: 14 fields, variable length (20 bytes +)

IPv6: 8 fields, fixed length (40 bytes)

Header fields eliminated in IPv6 Header Length

Identification

Flag

Fragmentation Offset

Checksum

Header fields enhanced in IPv6 Traffic Class

Flow Label

37

IPv6 transition

Dual stack hosts

Two TCP/IP stacks co-exists on one host

Supporting IPv4 and IPv6

Client uses whichever protocol it wishes

38

IPv6 transition

IPv4 IPv6

www.apnic.net

??

IPv4

TCP/UDP

Application

IPv6

Link

39

IPv6 tunnel over IPv4

IPv4Network

IPv6 IPv6

IPv6 Header Data

IPv4 Header IPv6 Header Data

IPv6 Header Data

tunnel

IPv6 transition

IPv6 Addressing

40

Address Structure

41

Prefix Type

42

Provider-Based Unicast Address

43

Type ID Registry ID

Address Hierarchy

44

45

IPv6 address format

8 groups of 4 hexadecimal digits

Each group represents 16 bits

Separator is “:”

Case-independent

46

2001:0DA8:E800:0000:0000:0000:0000:0001

2001:0DA8:E800:0000:0260:3EFF:FE47:0001

IPv6 address format

2001:DA8:E800:0:260:3EFF:FE47:1

2001:0DA8:E800:0000:0000:0000:0000:0001

2001:0DA8:E800:0000:0260:3EFF:FE47:0001

2001:DA8:E800::1

47

Special Address

Unspecified address

0:0:0:0:0:0:0:0 ::

Source add. (when own add. is unknown)

48

Loopback address0:0:0:0:0:0:0:1 ::1

For testing

Datagram is delivered to local machine

Special Address

Transition IPv4 → IPv6

2 Formats

Compatible Address

(v6host → v4net → v6host)

Mapped Address

(v6host → v6net → v4host)

49

Compatible Address

50

(v6host → v4net → v6host)

Mapped Address

51

(v6host → v6net → v4host)

Local Address:

Site Local Address

52

Scope of an entire site (organization)

No public prefix required

Allow addressing within an organization

Not forward to outside (public Internet)

Similar to Private IPv4

Prefix FEC0::/10

Note: Start address with FExx:

Local Address:

Link Local Address

53Note: Start address with FExx:

Smaller scope than Site Local Add

Refer only to a particular physical link

Routers will not forward datagram using Link Local Add at all, not even within the organization

IPv6 Neighbor Discovery (ND)

Prefix FE80::/10

Multicast Address

54Note: Start address with FFxx:

55

Multicast

Multicast (and Anycast) built in from the Beginning

Scope more well-defined – 4 bit integer

Doesn’t influence well-defined groupsValue Scope

0 Reserved

1 Node Local

2 Link Local

5 Site Local

8 Organization Local

E Global Local

F Reserved

56

Multicast

A Few Well-Defined Groups

Note all begin with ff, the multicast addresses

Much of IGMP is from IPv4, but is in ICMP nowValue Scope

FF02::0 Reserved

FF02::1 All Nodes Address

FF02::2 All Routers Address

FF02::4 DVMRP Routers

FF02::5 OSPF

FF02::6 OSPF Designated Routers

FF02::9 RIP Routers

FF02::D All PIM Routers

57

Obtain IP Address

Router Adv.

Link Address

00:A0:C9:1E:A5:B6Prefix

4C00::/80

+ IPv6 Address

4C00::00A0:C9:1E:A5:B6

=

58

Obtain IP Address

DHCP

server

DHCP Request

00:A0:C9:1E:A5:B6

DHCP Response

4c00::00:A0:C9:1E:A5:B6

Packet Format

59

60

Structure of IPv6 Datagram

Base Header is fixed

40 Octets long

Options are in an extension header

Several extension headers

IPv6 Header

61

Basic Headers

62http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html

63

Basic Headers (Fields)

Version (4 bits) – only field to keep same position & name Class (8 bits) – new field Flow Label (20 bits) – new field Payload Length (16 bits) – length of data, slightly

different from total length Next Header (8 bits) – type of the next header, new idea Hop Limit (8 bits) – was time-to-live, renamed Source address (128 bits) Destination address (128 bits)

64

Header Simplification

Fixed length of all fields, not like old options field

Remove Header Checksum – rely on checksums at other layers

No hop-by-hop fragmentation – fragment offset irrelevant – MTU discovery

Add extension headers – next header type (sort of a protocol type, or replacement for options)

Basic Principle: Routers along the way should do minimal processing

65

Extension Headers

How do we know whether or not we have an upper layer header, or an extension header?

Both are combined into header types

66

Header Types

Look in packet for Next Header

Can be Extension Header

Can be something like ICMP, TCP, UDP, or other normal types

Header Type (Next Header)

67

คา่ รหสัยอ่ ชนิด

0 HBH Hop-by-Hop Options Header

6 TCP Tranmission Control Protocol

17 UDP User Datagram Protocol

43 RH Routing Header

44 FH Fragmentation Header

45 IDRP Inter-Domain Routing Protocol

51 AH Authentication Header

52 ESP Encrypted Security Payload

59 Null No Next Header

68

Extension Headers Types

1. Routing Header (RH-43)

2. Fragmentation Header (FH-44)

3. Hop-by-Hop Options Header (HBH-0)

4. Destinations Options Header (60)

5. Authentication Header (AH-51)

6. Encrypted Security Payload Header (ESP-52)

Base Header Extensions TCP/UDP Data

69

Extension Headers: 1. Routing Header (RH-43)

Version Traffic class Flow Label

Payload Length Next Hdr : 43

Hop Limit

Source Address

Destination Address

Next Hdr : 6 Hdr Len Other fields

Routing

70

Extension Headers

General Routing Header

Forwarding IPv6 Packets with the Hop-by-Hop Extension Header

71

The Hop-by-Hop Extension Header is the ONLY EH that MUST be fully processed by all network devices

http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html

Forwarding IPv6 Packets with the other Extension Headers

72

Network devices are not required to process any of the other IPv6 extension headers when simply forwarding the traffic

http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html

73

Extension Headers:2. Fragmentation Header (FH-44)

“I thought we don’t fragment?”

Can do at the sending host

Insert fragment headers

74

Extension Headers

Options Headers in General

The usual next header and length

Any options that might be defined

75

Extension Headers:3. Hop-by-Hop Extension Header (HBH-0)

The usual format of an options header

An example is the jumbo packet

Payload length encoded

Can’t be less than 65,535

Can’t be used with fragmentation header

76

Extension Headers:4. Destinations Options Header(60)

Act – The Action to take if unknown option

00 – Skip Over

01 – Discard, no ICMP report

10 – Discard, send ICMP report even if multicast

11 – Discard, send ICMP report only if unicast

C – Can change in route

Number is the option number itself

77

Extension Headers: 5. Authentication Header (AH-51)

78

Extension Headers: 6. Encryption Header (ESP-52)

79

Address Chain

80

Extension Header Order

Hop-by-Hop options Header

Destination options Header (1)

Routing Header

Fragment Header

Authentication Header

Destination Options Header (2)

Upper Layer Header, e.g. TCP, UDP

81

ICMP

Completely Changed – note new header type

Now includes IGMP

Types organized as follows 1 – 4 Error messages

128 – 129 Ping

130 – 132 Group membership

133 – 137 Neighbor discovery

General Format

82

ICMPType Description

1 Destination Unreachable

2 Packet Too Big

3 Time Exceeded

4 Parameter Problem

128 Echo Request

129 Echo Reply

130 Group Membership Query

131 Group Membership Report

134 Router Advertisement

83

ICMP

Error Messages (Types 1 – 4): Examples

Destination Unreachable

Code 0 – No route to destination

Code 1 – Can’t get to destination for admin. reasons

Code 2 – Address unreachable

Code 3 – Port Unreachable

Packet Too Big

Code 0, Parameter is set to MTU of next hop

Allows for MTU determination

84

ICMP General Format

85

ICMP

Ping

Similar to IPv4

Echo Request, set code to 0

Echo Reply sent back

General Format

86

Changes from IPv4 to IPv6

Expanded addressing capabilities

Header format simplification

Improved support for extensions and options

Flow labeling capability

Authentication and privacy capabilities

IPv6 Address Structure

87

88

128 bits

IPv6 address structure

Topological Interface

/0 /64 /128

Infrastructure Site

/0 /64/48

Infrastructure CustomerISP

/0 /48/32

• Each site address is /48

• Providing 216 = 65,536 subnet addresses

• Current ISP allocation (min) is /32

• Providing 216 = 65,536 customer site addresses

• ISP allocation can be larger and can increase

89

Every ISP receives a /32 (or more)

Providing 65,536 site addresses (/48)

/32

/32

IPv6 – ISP addressing

/32

90

Every “site” receives a /48

Providing 65,536 /64 (LAN) addresses

IPv6 – Site addressing

/48

91

IPv6 – LAN addressing

Every LAN segment receives a /64

Providing 264 interface addresses per LAN

/64

92

IPv6 – Device addressing

Every device interface receives a /128 May be EUI-64 (derived from interface MAC address), random

number (RFC 3041), autoconfiguration, or manual configuration

/128 /128

/128

/128

93

References

“Tutorial - IPv6 Address Management” by Paul Wilson, Director General, APNIC

“IPv6 Tutorial/Workshop” by Rick Summerhill, Great Plains Network, and Dale Finkelson, U of Nebraska at Lincoln

“IPv6 21st Century Internet” by IPv6 Forum

“IPv6 Education and Deployment Efforts in Japan” by Takashi Arano, NTT Communications